﻿using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

public partial class SysYcjy_myaccount : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            Session["sTittle"] = "我的帐户>>修改信息";
            //CssInMasterPage.AddStyleSheet(this.Page, "../css/style.css");
        }
    }

    protected void DetailsView1_Updated(object sender,EventArgs e)
    {
        DetailsViewRow row = DetailsView1.Rows[3];
        var cell = row.Cells[1] as DataControlFieldCell;
        if (cell != null)
        {
            var tb = cell.FindControl("txtusername1") as TextBox;
            if(tb != null)
            {
                Session["sUserName1"] = tb.Text;
            }
        }

    }

    /// <summary>
    /// 去除框架、去除连接、去除脚本等特殊字符。
    /// </summary>
    /// <param name="html"></param>
    /// <returns></returns>
    private string checkStr(string html)
    {
        System.Text.RegularExpressions.Regex regex1 = new System.Text.RegularExpressions.Regex(@"<script[\s\S]+</script *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        //System.Text.RegularExpressions.Regex regex2 = new System.Text.RegularExpressions.Regex(@" href *= *[\s\S]*script *:", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        System.Text.RegularExpressions.Regex regex2 = new System.Text.RegularExpressions.Regex(@"(<a(.|\s)*?>)|</a>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        System.Text.RegularExpressions.Regex regex3 = new System.Text.RegularExpressions.Regex(@" on[\s\S]*=", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        System.Text.RegularExpressions.Regex regex4 = new System.Text.RegularExpressions.Regex(@"<iframe[\s\S]+</iframe *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        System.Text.RegularExpressions.Regex regex5 = new System.Text.RegularExpressions.Regex(@"<frameset[\s\S]+</frameset *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        //System.Text.RegularExpressions.Regex regex6 = new System.Text.RegularExpressions.Regex(@"\<img[^\>]+\>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        System.Text.RegularExpressions.Regex regex7 = new System.Text.RegularExpressions.Regex(@"</p>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        System.Text.RegularExpressions.Regex regex8 = new System.Text.RegularExpressions.Regex(@"<p>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        System.Text.RegularExpressions.Regex regex9 = new System.Text.RegularExpressions.Regex(@"<[^>]*>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        //System.Text.RegularExpressions.Regex regex10 = new System.Text.RegularExpressions.Regex(@"\W*|[`~#$^&*()=|{}':;',<>/?~#￥……—{}【】‘”“']", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        html = regex1.Replace(html, ""); //过滤<script></script>标记 
        html = regex2.Replace(html, ""); //过滤href=javascript: (<A>) 属性 
        html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件 
        html = regex4.Replace(html, ""); //过滤iframe 
        html = regex5.Replace(html, ""); //过滤frameset 
        //html = regex6.Replace(html, ""); //过滤img
        html = regex7.Replace(html, ""); //过滤frameset 
        html = regex8.Replace(html, ""); //过滤frameset 
        html = regex9.Replace(html, "");//过滤html标签。
        //html = regex10.Replace(html, "");
        html = html.Replace("'", "");
        html = html.Replace("=", "");
        //html = html.Replace(" ", "");
        html = html.Replace("</strong>", "");
        html = html.Replace("<strong>", "");
        return html;
    }

    protected void SqlDataSource1_Updating(object sender, SqlDataSourceCommandEventArgs e)
    {
        string sql;
        string username1 = "";
        TextBox tb1 = this.DetailsView1.Rows[3].Cells[1].FindControl("txtusername1") as TextBox;
        if (tb1 != null)
        {
            username1 = checkStr(tb1.Text);
        }
        string gzdw = "";
        TextBox tb2 = this.DetailsView1.Rows[4].Cells[1].FindControl("txtgzdw") as TextBox;
        if (tb2 != null)
        {
            gzdw = checkStr(tb2.Text);
        }
        string city = "";
        TextBox tb3 = this.DetailsView1.Rows[6].Cells[1].FindControl("txtcity") as TextBox;
        if (tb3 != null)
        {
            city = checkStr(tb3.Text);
        }
        string mobile = "";
        TextBox tb4 = this.DetailsView1.Rows[7].Cells[1].FindControl("txtmobile") as TextBox;
        if (tb4 != null)
        {
            mobile = checkStr(tb4.Text);
        }
        string email = "";
        TextBox tb5 = this.DetailsView1.Rows[10].Cells[1].FindControl("txtemail") as TextBox;
        if (tb5 != null)
        {
            email = checkStr(tb5.Text);
        }
        string grjj = "";
        TextBox tb6 = this.DetailsView1.Rows[11].Cells[1].FindControl("txtgrjj") as TextBox;
        if (tb6 != null)
        {
            grjj = checkStr(tb6.Text);
        }
        sql = string.Format("UPDATE [account] SET [grjj]='{0}', [gzdw] = '{1}', [username1] = '{2}',  [city] = '{3}', [mobile] = '{4}', [email] = '{5}' WHERE [username] = '{6}'", grjj, gzdw, username1, city, mobile, email, Session["sUserName"].ToString());
        
        SqlConnection MyConnection = new SqlConnection(System.Configuration.ConfigurationManager.AppSettings["gConnectionString"]);
        SqlCommand myCommand = new SqlCommand(sql, MyConnection);
        MyConnection.Open();
        myCommand.ExecuteNonQuery();
        MyConnection.Close();
    }
}
